Big4Guy

Welcome to Big4Guy.com. Big4Guy is an online resource where I will share with you the latest news, insights, knowledge and some experiences as a Big 4 consultant. We will discuss some of the important issues which organisations are facing today in the areas of information security, security and controls in SAP R/3, Oracle Applications, J.D. Edwards, PeopleSoft and various other ERPs. You will also find information on the latest compliance regulations like Sarbanes Oxley, Basel II and so on. Big4Guy will also attempt to provide valuable resources for individuals interested in examinations such as the CISA, CISM, CISSP, PMP and various other security certifications considered essential for entry into any Big 4 accounting, auditing and consulting firm. You are invited to post your comments and viewpoints on posts here. I sincerely hope this online journal will be useful to everyone from a budding student to a professional in the accounting, auditing, management and consultancy professions.
Section 404 requires management to test key controls which form part of the system of internal controls over financial reporting. So how does one define what a key control is? Although the PCAOB has used the term "key controls" in many of its documents and standards, there is no commonly accepted definition of a key control. Recently, the IIA, in a whitepaper on SOX, has given a generally accepted definition of key control. Accordingly, a key control is defined as -
"A key control is a control that, if it fails, means there is at least a reasonable likelihood that a material error in the financial statements would not be prevented or detected on a timely basis."

Jeff and Louise, two Sarbanes Oxley subject matter experts (SMEs) in our firm, analyzed the above definition and came up with a much simpler version of it. They define key controls simply as -
"A key control is a control that provides reasonable assurance that material errors will be prevented or detected in a timely manner."
Whichever definition you're comfortable with, identifying key controls is necessary for a successful 404 compliance project. While identifying key controls, it is important not to define too many controls as key controls. Doing so dilutes the importance of the controls assessment exercise and consumes excess time as well as resources. Jeff explains the flip side: if too few controls are identified, management may have to incorporate additional key controls based on the auditor's assessment of internal controls. I will also cover different approaches to identifying key controls later in my posts.